Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
CVE-2026-47342

Currently unrated

Key Information:

Vendor

Apache
Status
Apache Ofbiz
Vendor
CVE Published:
10 June 2026

What is CVE-2026-47342?

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges

This issue affects Apache OFBiz: before 24.09.07.

Users are recommended to upgrade to version 24.09.07, which fixes the issue.

Affected Version(s)

Apache OFBiz 0 < 24.09.07

References

https://lists.apache.org/thread/xqph4qjm163kmp0tcg9dodl6j...
vendor-advisory

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Le Huynh Duc (lwd3c)
.